Don't really need any specific permissions created per the GPO, but you need to have the GPO add the AD Group the help-Desk Techs are in to the local Administrators Group of the PC's on the domain. that would let them do whatever they needed to on PC's.

5 Replies

Don't really need any specific permissions created per the GPO, but you need to have the GPO add the AD Group the help-Desk Techs are in to the local Administrators Group of the PC's on the domain. that would let them do whatever they needed to on PC's.

no, you don't have to go PC to PC to add them, that's the beauty of the groups mentioned above, you can use the same process to add the new local admin group you create to the PC's existing "Administrators" group